Dennis Won denniswon
denniswon
/ gist:b7a9698251f6ad4f8c6b4e813bcb465a
Created
March 16, 2026 03:39
Vulnerability Report: Missing Ownership Verification in PolicyClientRegistry.registerClient
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Report: Missing Ownership Verification in PolicyClientRegistry.registerClient | |
| Executive Summary | |
| The PolicyClientRegistry.registerClient function lacks verification that the caller is the actual owner of the policy client being registered. This allows any address to register as the "registry owner" of any INewtonPolicyClient contract, enabling them to control the client's active status and block identity linking operations in the dependent IdentityRegistry. | |
| Vulnerability Details | |
| Location |
denniswon
/ gist:329800d69d2935fa43400b12f1d65d73
Created
March 16, 2026 03:39
Vulnerability Report: Non-Canonical EIP-712 Array Encoding in IdentityRegistry
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Report: Non-Canonical EIP-712 Array Encoding in IdentityRegistry | |
| Executive Summary | |
| The IdentityRegistry contract contains a critical encoding flaw in its EIP-712 signature verification logic. The contract hashes bytes32[] arrays using abi.encode() instead of the canonical EIP-712 specification requiring abi.encodePacked(). This mismatch causes all standard EIP-712 signatures to fail verification, completely breaking the signature-based identity linking functionality. | |
| Vulnerability Details | |
| Location |
denniswon
/ gist:f08eafb0fbcb681d7506e9d39e442691
Created
March 16, 2026 00:20
Vulnerability Report: Frozen Funds Due to Incorrect transferFrom Usage in Withdrawal Function
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Report: Frozen Funds Due to Incorrect transferFrom Usage in Withdrawal Function | |
| Executive Summary | |
| The NewtonPersonalVault contract contains a critical flaw in its _withdraw function that renders all post-expiration withdrawals impossible. The function incorrectly uses transferFrom instead of transfer when moving tokens from the vault to the beneficiary, requiring a self-allowance that is never set and cannot be set after expiration. | |
| Vulnerability Details | |
| Location |
denniswon
/ gist:3e4f2a88ba9a6c8836ea2bdf7acc7743
Created
March 15, 2026 23:32
Vulnerability Report: Flawed Challenge Logic in challengeDirectlyVerifiedMismatch Enables Illegitimate Operator Slashing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Vulnerability Report: Flawed Challenge Logic in challengeDirectlyVerifiedMismatch Enables Illegitimate Operator Slashing | |
| Executive Summary | |
| The challengeDirectlyVerifiedMismatch function in ChallengeVerifier.sol contains multiple critical flaws that enable illegitimate slashing of operators on source chains. The function compares incompatible hash formats that are guaranteed to mismatch, lacks time-bound restrictions, ignores the global isChallengeEnabled flag, and has no protection against repeated slashing of the same task. | |
| Vulnerability Details | |
| Root Cause Analysis |
denniswon
/ gist:1b9e6911431ef9d49f67ec84becf32df
Created
March 15, 2026 19:36
Security Report: Cross-Chain Challenge Slashing Vulnerability
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Security Report: Cross-Chain Challenge Slashing Vulnerability | |
| Executive Summary | |
| A critical vulnerability exists in the slashForCrossChainChallenge function of ChallengeVerifier.sol that allows arbitrary slashing of operators on the source chain. The function fails to bind the ZK proof's public values to the caller-supplied inputs and accepts an unverified non-signer list, enabling attackers to slash any chosen operator set without legitimate grounds. | |
| Vulnerability Details | |
| Location |
denniswon
/ gist:00cda380d0fc9393b469ea41ef2fbe03
Created
March 14, 2026 14:38
Support flexible identity data schemas beyond KYC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://linear.app/magiclabs/issue/NEWT-710/support-flexible-identity-data-schemas-beyond-kyc | |
| ⏺ I now have the complete data flow mapped. Let me summarize what I've found and present the implementation plan. | |
| ★ Insight ───────────────────────────────────── | |
| The full identity data flow has 6 touchpoints that need updating: | |
| 1. Gateway RPC (identity.rs types) — already domain-aware (identity_domain: FixedBytes<32>) | |
| 2. Gateway data provider (data_provider.rs) — encrypt_identity_data() takes typed IdentityData (needs to become domain-agnostic) | |
| 3. chainio (identity_data.rs) — IdentityData sol struct (8 KYC fields), fetch_identity_data() returns opaque String, | |
| EncryptedIdentityData (single string data) |
denniswon
/ validateAttestationDirect-block-investigation.txt
Last active
March 13, 2026 08:08
validateAttestationDirect block number investigation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Here's my complete analysis: | |
| Part 1: Why blocknumber - 1 Exists | |
| The BLS verification chain requires this: | |
| Gateway Contract (createTask) Contract (validateAttestationDirect) | |
| │ │ │ | |
| │ current_block = 10433577 │ │ | |
| │ task_created_block = 10433576 │ │ |
denniswon
/ gist:c01abc0d3d3e5702a052e66dea11dbea
Created
March 11, 2026 00:49
Recall MCP — Self-Hosted Setup Guide
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Recall MCP — Self-Hosted Setup Guide | |
| Self-hosted Recall MCP for Claude Code using Upstash Redis (cloud) and the open-source `@joseairosa/recall` NPM package. No local Redis, no Docker, no subscription. | |
| Source: https://github.com/joseairosa/recall | |
| --- | |
| ## Prerequisites |
denniswon
/ gist:e997c1073ad7af8c5521ed10b0ab787b
Created
March 10, 2026 09:43
Rhinestone Chain Abstraction (Warp) — Technical Summary
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| Rhinestone Chain Abstraction (Warp) — Technical Summary | |
| What It Is | |
| Rhinestone Warp is an intent-based cross-chain execution engine built on ERC-7579 smart account modules. Users express desired outcomes ("send 100 USDC | |
| from Optimism to Base and deposit into a vault"), and a competitive solver/relayer market fulfills them — handling bridging, swapping, and gas | |
| abstraction transparently. | |
| ★ Insight ───────────────────────────────────── |
denniswon
/ gist:1c4602859835ded307eb4ddb402c2e9c
Created
March 8, 2026 01:00
Viem vs Newton SDK — Architecture Comparison
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| Viem vs Newton SDK — Architecture Comparison | |
| Where Newton SDK Already Aligns with Viem | |
| ┌────────────────────┬────────────────────────┬──────────────────────────────────────┬───────────┐ | |
| │ Area │ Viem │ Newton SDK │ Status │ | |
| ├────────────────────┼────────────────────────┼──────────────────────────────────────┼───────────┤ | |
| │ Linter/Formatter │ Biome │ Biome 1.9.4 │ Already │ | |
| │ │ │ │ aligned │ |